What do Theranos, 23andMe, and Zenefits have in common? These well-hyped companies failed to meet regulatory requirements.

In 2013, 23andMe got slapped by federal regulators for failing to respond to emails. In 2015, the much-hyped biotech startup Theranos was cited by the feds for serious deficiencies that put patient safety in “immediate jeopardy.” And last week, Zenefits, a company that claimed to demystify compliance, announced that its CEO would resign for, you guessed it, problems with compliance.

advertisement

advertisement

These startups are tackling different aspects of health care, but they have a few things in common: eye-popping valuations, and a willingness to flout regulations. In the past, some pundits have explained this risky behavior as typical Silicon Valley “arrogance,” combined with ignorance. But that explanation has always seemed overly simplistic to me.

In the wake of the latest scandal, I reached out to half a dozen experts for their take on why some health startups are still taking shortcuts that get them in trouble.

Many digital health startups emerged at a time of great change in the health sector. The Affordable Care Act and other reforms opened up a wealth of new opportunities for Silicon Valley’s entrepreneurs.

In recent years, I’ve seen early employees from the largest tech companies, including Zynga, Apple, Google, and Twitter, migrate into health care. Many of them told me they hit on an idea after a personal experience with the broken health care system; others hoped to bring modern technology to an industry that still relies on fax machines.

But unfortunately, the “move fast, break things” mentality that is fundamental to the success of consumer-tech companies doesn’t fly in health care. It can take up to a decade for new products to get regulatory approval, and that requires clinical trials, well-funded research studies, and more. That’s far longer than some Silicon Valley companies–and their investors–are willing to wait.

In some cases, entrepreneurs took shortcuts and generated hype rather than hard evidence. Theranos won headlines, but declined to provide any peer-reviewed research to back up its claims that it could perform hundreds of blood tests with a mere drop of blood. Zenefits is currently being investigated by California regulators for purportedly selling insurance policies without proper brokers’ licenses.

advertisement

“The tech community isn’t used to dealing with studies, FDA approval, publications, and reimbursement,” says Skip Fleshman, a digital health investor with Asset Management Ventures. “[But] the tech community wants things to happen fast. Obviously that doesn’t work in health care.”

Ever stayed home on a Friday night, but regretted it after a few minutes perusing friends’ pics on Facebook?

Investors get that same fear of missing out, or FOMO, according to Steve Kraus, a health-focused venture capitalist at Bessemer Venture Partners. “There is this race to lock down hot deals,” he says. “Sometimes detailed compliance and regulatory review can fall by the wayside.”

This can eventually result in prioritizing growth and customer acquisition before anything else. “Entrepreneurs face immense pressure to grow and meet these expectations,” Kraus explains. Unlike consumer-tech, it’s challenging for health entrepreneurs to scale quickly because of the regulatory requirements, privacy concerns, and more.

But it’s possible that we’re at the beginning of a learning curve for the VC community. Many of the investors who funded the 267 digital health companies that raised more than $2 million in 2015 made their money in consumer tech, and are somewhat new to health care.

For us, compliance is like oxygen. Without it, we die. The fact is that many of our internal processes, controls, and actions around compliance have been inadequate, and some decisions have just been plain wrong.

It’s an apt analogy, as compliance is fundamental to a health care company’s survival. But it’s often in the background, like the oxygen we breathe.

When Gusto (formerly ZenPayroll), decided to start its own version of Zenefits, its founders tasked the team with prioritizing compliance from the outset. Gusto’s benefits advising and operations lead Lauren Fifield says one of her first moves was to hire two compliance experts who would help guide the product.

As Fifield explains, meeting regulatory requirements isn’t particularly complicated. But it is resource-intensive and time consuming. For instance, Gusto sought out cloud-based tools that complied with HIPAA (the set of rules that govern how health information is shared), rather than selecting the cheapest option. It also meant that engineers were frequently tasked with baking in additional security measures. Fifield spent months studying for her brokers’ license.

“Compliance is a little like the black swan,” she says.

“If you’re not compliant, then it’s possible that no one will ever find out or care,” she says. “But if something bad happens, you better have been compliant from the beginning.”

As a result, startups will act in defiance or indifferently to regulators. In 2013, 23andMe famously blew through deadlines and effectively cut off communication with the FDA for a matter of months. That prompted regulators to take action.

“Behaving in an antagonistic way with regulators is surprisingly common, in many different types of companies, large and small, startup or established,” says Arien Malec, a vice president at RelayHealth and a former government employee.

But in recent years, the FDA has taken active steps to dispel this image and work more closely with entrepreneurs. The agency recently announced a partnership with a medical technology startup accelerator program. And its commissioners are frequently spotted at startup conferences. And it has proven willing to work with companies, even after high-profile missteps. After a two-year hiatus, 23andMe relaunched its product with the FDA’s green light.

Malec says startups can hire regulatory experts who can build, or even restore, a relationship with agencies. Entrepreneurs at early-stage companies should reach out to regulators with questions. After all, many laws are written in a way that is open to interpretation.

“In these cases, companies can engage regulatory bodies” Fifield added. “That’s what they’re here for. Why not just pick up the phone and give them a call?”